#!/bin/sh

FAKE_JWT="$(echo '
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5zdGFja2
dyZXMuaW8vYXV0aCIsImF1ZCI6ImFwaS13ZWJzZWN1cml0eSIsImp0aSI6IjdmNjY1ZDgyL
Tk5NDUtNDVlNi04ZDJmLWNhZDUzZjAwZTM4MiIsInN1YiI6ImFkbWluIiwicHJlZmVycmVk
X3VzZXJuYW1lIjoiYWRtaW4iLCJpYXQiOjE1OTE5NzYyNTMsImF1dGhfdGltZSI6MTU5MTk
3NjI1MywiZXhwIjoxNTkyMDA1MDUzfQ.SVklYKeAgR2Mh47lBI_IR6u3wdWFK-nY4oUlPRe
vejrw232lZClePW1fHwl557KRhT5th-zAI1O-o6_x9b_owO8JzNaN3jsPiFrraXCbDgT3aP
_Q2xA8I5KMwhZUs8XSxriAP2L2MUO4ePP29iK1k3av0Yl4XuVwvdJoujwoehy15b4km8GpS
tHLGSnGi6mt6utTQEvy03B7Afe5oIhLrjLwl00cblZ-q1ZT2TbtMKdtikSGupq0Qfe6itxO
3dE40-iodVieAcSInpr3m7gcflGdTcyVWR7kfxx5oaC8S8b0GoPgvj85nGAR-O05qqBsXeh
NtLXO_qrR3ShqhKzucw
' | tr -d '\n')"

run_curl() {
  local POD=curl
  local NAMESPACE="${CLUSTER_NAMESPACE:-$OPERATOR_NAMESPACE}"
  local SERVICE_NAMESPACE="$OPERATOR_NAMESPACE"
  local SERVICE=stackgres-restapi
  local SECRET=stackgres-restapi-admin
  local RESOURCE_PATH="stackgres/sgcluster"
  local EXTRA_PARAMETERS=""
  local CONTENT_TYPE="application/json"
  local ACCEPT="application/json"
  local DATA_FILENAME=""
  local PASSWORD
  local AUTHORIZATION=auto
  local JWT=""

  if [ "x$E2E_ALLOWED_NAMESPACES" != x ] \
    && ! printf ' %s ' "$E2E_ALLOWED_NAMESPACES" | grep -qF " $OPERATOR_NAMESPACE "
  then
    SERVICE_NAMESPACE="$CLUSTER_NAMESPACE"
  fi

  local opt
  local OPTARG
  local OPTIND

  while getopts ":p:n:s:N:r:c:e:d:a:j:" opt; do
    case $opt in
      p) POD="$OPTARG"
      ;;
      n) NAMESPACE="$OPTARG"
      ;;
      s) SERVICE="$OPTARG"
      ;;
      S) SECRET="$OPTARG"
      ;;
      N) SERVICE_NAMESPACE="$OPTARG"
      ;;
      r) RESOURCE_PATH="$OPTARG"
      ;;
      e) EXTRA_PARAMETERS="$OPTARG"
      ;;
      c) CONTENT_TYPE="$OPTARG"
      ;;
      d) DATA_FILENAME="$OPTARG";
      ;;
      a) AUTHORIZATION="$OPTARG";
      ;;
      j) JWT="$OPTARG";
      ;;
      \?) echo "Invalid option -$OPTARG" >&2
      return 1
      ;;
    esac
  done

  if [ "$AUTHORIZATION" = auto ]
  then
    PASSWORD="$(kubectl get secrets --namespace "$SERVICE_NAMESPACE" "$SECRET" -o jsonpath="{.data.clearPassword}" | base64 -d)"
    AUTHORIZATION="{ \"username\": \"admin\", \"password\": \"$PASSWORD\" }"
  fi

  if [ -n "$AUTHORIZATION" ] && [ -z "$JWT" ]
  then
    JWT="$(kubectl exec -i -n "$NAMESPACE" "$POD" -- \
      curl -d "$AUTHORIZATION" -k "https://$SERVICE.$SERVICE_NAMESPACE.svc.cluster.local/stackgres/auth/login" \
      --retry 5 --retry-delay 2 --retry-connrefused \
      -H "Content-Type: $CONTENT_TYPE" \
      -H "Accept: $ACCEPT" -s | jq -r .access_token)"
  fi

  if [ -n "${DATA_FILENAME}" ]
  then
    [ -f "$DATA_FILENAME" ]
    tar cf - "$DATA_FILENAME" | kubectl exec -i -n "$NAMESPACE" "$POD" -- tar xf - -C /tmp
    # shellcheck disable=SC2086
    kubectl exec -n "$NAMESPACE" "$POD" -- \
      curl -k "https://$SERVICE.$SERVICE_NAMESPACE.svc.cluster.local/$RESOURCE_PATH" \
      --retry 5 --retry-delay 2 --retry-connrefused \
      -H "Authorization: Bearer $JWT" \
      -H "Content-Type: $CONTENT_TYPE" \
      -H "Accept: $ACCEPT"  \
      --data @"/tmp/$DATA_FILENAME" -s $EXTRA_PARAMETERS
  else
    # shellcheck disable=SC2086
    kubectl exec -n "$NAMESPACE" "$POD" -- \
      curl -k "https://$SERVICE.$SERVICE_NAMESPACE.svc.cluster.local/$RESOURCE_PATH" \
      --retry 5 --retry-delay 2 --retry-connrefused \
      -H "Authorization: Bearer $JWT" \
      -H "Content-Type: $CONTENT_TYPE" \
      -H "Accept: $ACCEPT" \
      -s $EXTRA_PARAMETERS
  fi
}

uriencode() {
  jq -nr --arg v "$1" '$v|@uri'
}
